Login Sign Up

CVE-2023-41063

7.8 HIGH
Remote Code Execution

📋 TL;DR

This is a memory handling vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects macOS, iOS, iPadOS, and tvOS. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
Versions: Versions prior to macOS Ventura 13.6, tvOS 17, iOS 16.7, iPadOS 16.7, iOS 17, iPadOS 17, macOS Sonoma 14
Operating Systems: Apple macOS, Apple iOS, Apple iPadOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise with kernel-level persistence, data theft, and ability to bypass all security controls.

🟠

Likely Case

Malicious app gains complete system control, potentially installing backdoors, stealing credentials, and accessing all user data.

🟢

If Mitigated

Limited impact if devices are fully patched and app installation is restricted to trusted sources only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device. No known public exploits at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.6, tvOS 17, iOS 16.7, iPadOS 16.7, iOS 17, iPadOS 17, macOS Sonoma 14

Vendor Advisory: https://support.apple.com/en-us/HT213931

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences 2. Go to General > Software Update 3. Install the latest available update 4. Restart device when prompted

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from the App Store and identified developers

For macOS: System Preferences > Security & Privacy > General > Allow apps downloaded from: App Store and identified developers

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application allowlisting and monitor for unauthorized app installations

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version, tvOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Unusual process spawning with elevated privileges
  • Unauthorized app installations

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious network activity from kernel-level components

SIEM Query:

process where parent_process_name contains "kernel" and process_name not in (approved_process_list)

📊 Metadata

CVE ID: CVE-2023-41063
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: September 27, 2023
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON